Privacy Policy

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)
and Legislative Decree 30 June 2003 No. 196 (“Italian Privacy Code”), as amended by Legislative Decree 101/2018

1. Data Controller

The Data Controller is:
HolAp srl, with registered office in Maccagno con Pino e Veddasca,
Tax Code/VAT No. 04095820124/04095820124
E-mail: info.italia@holap.ch
PEC (certified e-mail): holapsrl@pec.it
Tel.: +39 347 6393 183

2. Data processed

Depending on how you use the website, we may process:

Browsing data (e.g., IP address, date and time of connection, pages viewed, browser type, operating system);

Data voluntarily provided by the user (e.g., first name, last name, e-mail address, telephone number, message contents or other fields you fill in);

Newsletter-related data (e-mail address, subscription/unsubscription logs);

Data collected through cookies and similar technologies, for technical, statistical and – if enabled – marketing/profiling purposes (see the “Cookies” section and the Cookie Policy).

We do not intentionally process special categories of personal data (e.g., health data, religious or political beliefs) through the website, unless in specific cases and always with a dedicated notice.

3. Purposes and legal bases of the processing

Your personal data are processed for the following purposes:

a) Website browsing

Purpose: to allow the display and proper functioning of the website and ensure IT security.

Legal basis: the Controller’s legitimate interest in the technical management and security of the website (Art. 6(1)(f) GDPR).

b) Managing requests sent through contact forms or e-mail

Purpose: to respond to requests for information, quotes, or assistance.

Data processed: identification and contact details, message content.

Legal basis: performance of pre-contractual or contractual measures requested by the data subject (Art. 6(1)(b) GDPR).

c) Newsletter subscription (if applicable)

Purpose: to send informational and/or promotional communications relating to the Controller’s services/products.

Legal basis: consent of the data subject (Art. 6(1)(a) GDPR).

You may withdraw your consent at any time by using the unsubscribe link included in every e-mail.

d) Compliance with legal obligations

Purpose: to comply with obligations established by laws, regulations, EU legislation, or requests from authorities.

Legal basis: fulfilment of legal obligations (Art. 6(1)(c) GDPR).

e) Legal defence and prevention of abuse/fraud

Purpose: to establish, exercise or defend legal claims; to prevent or report possible misuse of the website or fraudulent activities.

Legal basis: the Controller’s legitimate interest (Art. 6(1)(f) GDPR).

f) Statistical analysis and website improvement (e.g., through analytics tools)

Purpose: to obtain aggregated statistics on website usage (most visited pages, traffic flows, etc.) in order to improve content and services.

Legal basis:

the Controller’s legitimate interest, if tools are configured with appropriate anonymisation or pseudonymisation techniques;

user consent through the cookie banner, if tools allowing identification or profiling are used.

g) Marketing and profiling via cookies/third-party tools (if applicable)

Purpose: to display personalised content and advertisements based on user interests, and to measure marketing campaigns.

Legal basis: user consent (Art. 6(1)(a) GDPR), expressed through the cookie consent banner.

4. Provision of data

Providing browsing data is necessary to browse the website; failure to provide such data (e.g., blocking all technical cookies) may prevent the use of the website.

Providing contact data is necessary to receive a response to your inquiries; without such data, we may be unable to process your request.

Providing data for newsletter subscription and for marketing/profiling purposes is optional; failing to provide such data does not affect the use of the website, only the availability of these optional services.

5. Methods of processing

Data are processed using manual, electronic, and telematic tools, strictly related to the purposes described above, and always ensuring security and confidentiality in compliance with Articles 5 and 32 GDPR.

6. Data recipients

Data may be processed by:

Personnel expressly authorised by the Controller (employees/collaborators);

IT and hosting service providers, website maintenance services, e-mail providers, newsletter platform providers, etc., appointed as Data Processors under Art. 28 GDPR;

Other entities (professionals, consultants, public authorities) when communication is required by law or necessary for the protection of the Controller’s rights.

An updated list of Data Processors is available upon request at info.italia@holap.ch.

7. Transfer of data to third countries

Some service providers (e.g., analytics, cloud, newsletter services) may be located in or store data in countries outside the European Economic Area (EEA). In such cases, data transfers occur in compliance with Articles 44–49 GDPR, meaning:

to countries that have received an adequacy decision from the European Commission, or

on the basis of Standard Contractual Clauses or other appropriate safeguards.

8. Data retention period

Personal data are retained only for the time strictly necessary to achieve the purposes for which they were collected, specifically:

Browsing data: normally deleted after short periods (e.g., 7–30 days), unless further retention is required for the investigation of cybercrimes;

Data sent through contact forms/e-mails: retained for the time needed to process the request and, if applicable, for an additional 10 years if a contractual relationship is established or for legal defence purposes;

Newsletter data: until consent is withdrawn (unsubscribe);

Marketing/profiling data collected via cookies: for the periods indicated in the Cookie Policy and/or consent management panel.

In all cases, data may be stored for additional periods required by law (e.g., tax, accounting, or legal defence obligations).

9. Cookies and tracking tools

This website uses cookies and similar technologies for various purposes (technical, statistical, marketing).

For further details regarding cookie types, third-party providers, retention periods, and ways to manage your preferences, please refer to the Cookie Policy, available at any time from the website footer and through the consent management banner.

Through your browser settings and the consent management tool, you may at any time:

withdraw or modify your consent to non-technical cookies;

delete cookies already stored.

10. Rights of the data subject

As a data subject, you have the rights provided by Articles 15–22 GDPR, including:

Right of access: to obtain confirmation of whether personal data concerning you are being processed and to receive a copy of such data;

Right to rectification: to request correction of inaccurate data or completion of incomplete data;

Right to erasure (“right to be forgotten”), in the cases set out in Art. 17 GDPR;

Right to restriction of processing, in the cases set out in Art. 18 GDPR;

Right to data portability, within the limits of Art. 20 GDPR;

Right to object to processing based on legitimate interest and to processing for direct marketing purposes;

Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise your rights, you may contact: info.italia@holap.ch.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) (www.garanteprivacy.it), according to the procedures indicated on its website.

11. Changes to this privacy notice

The Controller reserves the right to amend this notice at any time. The updated version will always be published on the website, indicating the date of the latest revision. Significant changes may also be communicated via e-mail or website banner.